General
Target: e533ec44e0fbee8057cf1b3ad4782b277a5801eb02eab57082634f34bb6cfcc5.exe
Size: 3.1MB
Sample: 241118-pdfnsswhjn
MD5: 8a86375d4afaad3b3784efe30144a978
SHA1: 20b26de7d75461d01d01bb025c67bff370301655
SHA256: e533ec44e0fbee8057cf1b3ad4782b277a5801eb02eab57082634f34bb6cfcc5
SHA512: 126979671be90d7712e340f4c70aff968c7570a3abdb794a8f964c81f3830a2da9f0d5755dd9a0c84435232381b835deef74b67775fc2a6c1a789ad398ff53d5
SSDEEP: 49152:7v/lL26AaNeWgPhlmVqvMQ7XSKd74wvMfY8oGdahZTHHB72eh2NTh:7vNL26AaNeWgPhlmVqkQ7XSKd74wIz
Behavioral task: behavioral1
Sample: e533ec44e0fbee8057cf1b3ad4782b277a5801eb02eab57082634f34bb6cfcc5.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e533ec44e0fbee8057cf1b3ad4782b277a5801eb02eab57082634f34bb6cfcc5.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet: RuntimeBroker
C2: anonam39-41248.portmap.io:41248
Mutex: bcabad1b-b1a9-478b-a187-3607b6476fd1
encryption_key: 479AF86B7B3A0AC9CE19AAE974A681BB6EE1949C
install_name: RuntimeBroker.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: RuntimeBroker
subdirectory: a7
Targets
Target: e533ec44e0fbee8057cf1b3ad4782b277a5801eb02eab57082634f34bb6cfcc5.exe
Score: 10/10
Signatures:
- Quasar family
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory